"We confirm that an older file from Yahoo Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo and other company users names and passwords was compromised yesterday, July 11," Caroline MacLeod-Smith, Yahoo's head of consumer PR in the UK said via e-mail. "Of these, less than 5 percent of the Yahoo accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."
The group of hackers calls itself "the D33Ds Company" and claims to have hacked into the database by exploiting an SQL injection vulnerability found on a Yahoo subdomain. They published a list of over 453,000 log-in credentials on the Internet that were allegedly stolen from a database associated with an unnamed Yahoo service.
Source
